The Java 2 Platform, Enterprise Edition (J2EE) specification defines one of the current standards for developing multi-tier enterprise applications. J2EE provides a component-based approach to the design, development, assembly, and deployment of enterprise applications, which both reduces the cost and enables fasten design and implementation. The J2EE platform gives the developer a multi-tiered distributed application model, the ability to reuse components, a unified security model, and flexible transaction control. Not only can they deliver innovative customer solutions to market faster than ever, but the resultant platform-independent J2EE component-based solutions are not tied to the products and application program interfaces (APIs) of any one vendor.
The J2EE specification defines the following kinds of components: application client components; Enterprise JavaBeans (EJB); servlets and Java Server Pages (JSP) (also called Web components); and applets. A multi-tiered distributed application model implies that the application logic is divided into components according to function, and different application components may make up a J2EE application on the same or different servers. Where an application component is actually installed depends on which tier in the multi-tiered J2EE environment the application component belongs. These tiers are depicted in FIG. 1. As shown therein an application server tier 4 is used to develop EJB containers and/or presentation containers such as servlets, JSP, and html pages 14. These in turn are used as an interface between a client tier 2, where the clients 8 and client applications are deployed, and a backend tier 6, used for hosting enterprise or legacy applications such Enterprise Resource Planning (ERP) systems.
Client tier—These can be browsers, Java-based programs, or other Web-enabled programming environments running within the client tier, both inside and outside of corporate firewalls.
Application Server tier—Normally this tier hosts a combination of presentation logic and business logic to support client requests. Presentation logic is supported via JSP pages and servlets that display HTML pages, while business logic is supported via Remote Method Invocation (RMI) objects and EJBs 12. EJBs rely upon the container environment for transactions, lifecycle and state management, resource pooling, security, etc., which together make up the run time environment in which the beans are executed.
Back-end tier—This is generally a combination of existing applications and data stores. It is also referred to as the Enterprise Information Systems (EIS) tier, since it may include such systems as Enterprise Resource Planning (ERP), mainframe transaction processing, database systems, and other legacy information systems.
Since the components of a J2EE application run separately, and often on different devices, there needs to be a way for client and application server tier code to look up and reference other code and resources. Client and application code can, for example, use the Java Naming and Directory Interface (JNDI) 16 to look up user-defined objects such as enterprise beans, and environment entries such as the location of the Java Database Connector (JDBC) DataSource objects, which in turn are used for looking up resources in backend tier, and message connections.
Application behavior such as security and transaction management can be configured at deployment time on Web and enterprise bean components. This deployment time feature decouples application logic from the configuration settings that might vary with the assembly. The J2EE security model lets a developer configure a Web or enterprise bean component so that system resources are accessed only by authorized users. For example, a Web component can be configured to prompt for a user name and password. An Enterprise Bean component can be configured so that only persons in specific groups can invoke certain kinds of its methods. Alternatively, a servlet component might be configured to have some of its methods accessible to everyone, and a few methods accessible to only certain privileged persons in an organization. The same servlet component can be configured for another environment to have all methods available to everyone, or all methods available to only a select few.
Some application servers, such as the WebLogic Server product from BEA Systems, Inc., San Jose, Calif., use an Access Control List (ACL) mechanism that allows for fine-grained control of the usage of components running on the server. Using an ACL, a developer can define at the Java Method level what can, or cannot, be executed by which user or group of users. This ACL mechanism covers anything that runs on the application server except for EJBs, which have their own access control mechanism defined in the EJB specification. Security realms allow the administrator to import information from existing authorization or authentication systems into the ACL.
Java Servlets
A servlet is a program that extends the functionality of a Web server. A servlet receives a request from a client, dynamically generates the response (possibly querying databases to fulfill the request), and then sends the response containing an HTML or XML document to the client. Servlets are similar to CGI but are typically easier to write, since servlets use Java classes and streams. They execute faster because servlets are compiled to Java byte code and at run time the servlet instance is kept in memory, each client request spawning a new thread. Servlets make it easy to generate data to an HTTP response stream in a dynamic fashion. Each client request is performed as a new connection, so flow control does not come naturally between requests. To allow for this session management maintains the state of specific clients between requests. In some application servers, servlets make use of the HTTP session object to save their state between method requests. This object can be replicated in a clustered environment for failover purposes.
Java Server Pages
JSP pages are a text-based, presentation-centric way to develop servlets. JSP pages offer all the benefits of servlets, and when combined with a JavaBeans class, provide an easy way to keep content and display logic separate. Both JSP pages and servlets are more desirable than Common Gateway Interface (CGI), because they are platform-independent, and use less overhead. JSP pages can be used with JavaBeans classes to define Web templates for building a Web site made up of pages with a similar look and feel. The JavaBeans class performs the data rendering, so the templates have no Java code. This means they can be maintained by an HTML editor. Simple Web-based application using a JSP page can be used to bind content to application logic using custom tags or scriptlets instead of a JavaBeans class. Custom tags are bundled into tag libraries that are imported into a JSP page. Scriptlets are small Java code segments embedded directly in the JSP page.
Database Access Services (JDBC)
JDBC acts as a bridge to relational databases, and is modeled on the ODBC (Open Database Connectivity) specification. It decouples the database from the program code through the use of drivers. Some implementations of JDBC provide support for advanced data types, and also support the functionality of scrollable result sets and batch updates.
Java Messaging Services (JMS)
JMS is the J2EE mechanism used to support the exchange of messages between Java programs. This is how Java supports asynchronous communication, wherein the sender and receiver don't need to be aware of each other and thus can operate independently. JMS supports two messaging models:    Point to point—which is based on message queues. In this model message producer sends a message to a queue. A message consumer can attach itself to a queue to listen for messages. When a message arrives on the queue, the consumer takes it off the queue and responds to it. Messages can be sent to just one queue and will be used by just one consumer. Consumers have the option to filter messages to specify the exact message types they want.    Publish and subscribe—which allows producers to send messages to a topic and for all the registered consumers for that topic to retrieve those messages. In this case, many consumers can receive the same message.Java Interface Definition Language (IDL)
CORBA objects use an IDL to specify a contract, ie. how they are going to interact with other objects. With Java IDL, contracts may be defined between the Java world and the CORBA world. Starting with Sun's JDK 1.2, an ORB is included, which allows Java applications to invoke remote CORBA objects via the Internet InterORB (IIOP) protocol.
Enterprise JavaBeans (EJB)
EJB components are designed to encapsulate business logic, so that the developer does not have to be concerned with programming code for typical tasks such as database access, transaction support, security, caching, and concurrency. In the EJB specification these tasks are the responsibility of the EJB container. An enterprise bean consists of interfaces and classes. Clients access enterprise bean methods through the enterprise bean's home and remote interfaces. The home interface provides methods for creating, removing, and locating the enterprise bean and the remote interface provides the business methods. At deployment time, the container creates classes from these interfaces that it then uses to provide access to clients seeking to create, remove, locate, and call business methods on the enterprise bean. The enterprise bean class provides the implementations for the business methods, create methods, and finder methods; and if the bean manages its own persistence, provides implementations for its lifecycle methods.
There are two types of enterprise beans: entity beans and session beans. A session bean represents a transient conversation with a client, and might execute database reads and writes. A session bean can invoke the JDBC calls itself, or it can use an entity bean to make the call, in which case the session bean is a client to the entity bean. A session bean's fields contain the state of the conversation and are transient. If the server or client crashes, the session bean is gone.
An entity bean represents data in a database and the methods to act on that data. In a relational database context for a table of employee information, there may be one bean for each row in the table. Entity beans are transactional and long-lived. As long as the data remains in the database, the entity bean exists. This model can be easily used for relational databases and is not restricted to object databases.
Session beans can be stateful or stateless. A stateful session bean contains conversational state on behalf of the client. The conversational state is the session bean's instance field values plus all objects reachable from the session bean's fields. Stateful session beans do not represent data in a persistent data store, but they can access and update data on behalf of the client. Stateless session beans do not have any state information for a specific client. They typically provide server-side behavior that does not maintain any particular state. Stateless session beans require fewer system resources. A business object that provides a generic service or represents a shared view of stored data is a good candidate for a stateless session bean.
An enterprise bean using container-managed persistence to access a relational database does not require the developer to use any JDBC 2.0 APIs for database access because the container handles this. However, if bean-managed persistence is used, or if there is a need to access an enterprise information system other than a relational database, then the appropriate code to do it must be provided.
In the case of an enterprise bean using bean-managed persistence to access a database, the bean's lifecycle methods with JDBC 2.0 API code must be implemented to handle loading and storing data and maintaining consistency between the run time and persistent database storage. While the Web tier uses HTTP or HTTPS to transfer data between tiers, the EJB tier uses RMI-IIOP. RMI-IIOP is a full-scale distributed computing protocol that gives any client or Web tier program accessing an enterprise bean direct access to the services in the EJB tier. These services include JNDI for referencing enterprise beans, Java Messaging Service (JMS) for sending and receiving asynchronous messages, and JDBC for relational database access.
Transaction Management
One of the most fundamental features of any application server, such as the WebLogic Server system is transaction management. Transactions are a means to guarantee that database transactions are completed accurately and that they take on all the “ACID” properties of a high-performance transaction, including:                Atomicity—all changes that a transaction makes to a database are made permanent; otherwise, all changes are rolled back.        Consistency—a successful transaction transforms a database from a previous valid state to a new valid state.        Isolation—changes that a transaction makes to a database are not visible to other operations until the transaction completes its work.        Durability—changes that a transaction makes to a database survive future system or media failures.        
The J2EE transaction model lets the application developer specify, at deployment time, the relationships among methods which comprise a single transaction, so that all methods in one transaction are treated as a single unit. This is desirable because a transaction is a series of steps that must all complete, or if they do not all complete then all are reversed. For example, the developer might have a series of methods in an enterprise bean that move money from one bank account to another, by debiting the first account, and crediting the second account. In this example, they would want the entire transfer operation to be treated as one unit, so that if there is a failure after the debit and before the credit, then the debit is rolled back.
Transaction attributes are specified on an application component during assembly, allowing the developer to group methods into transactions across application components. In this manner application components can be changed within a J2EE application, and the transaction attributes reassigned without changing code. The Java Transaction Service (JTS) and Java Transaction API (JTA) form the basis of the transactional support in J2EE and more specifically for EJB and JDBC 2.0. The JTS specification is a low-level application program interface (API) for transaction management that maps Java to the Object Management Group (OMG) Object Transaction Service. The JTA specification was developed by Sun Microsystems in cooperation with leading industry partners in the transaction processing and database system arena and specifies standard Java interfaces between a transaction manager, the resource manager, the application server, and the transactional applications. Specifically, JTA is a high-level API that consists of two parts:                Transaction Interface—This enables the work done by distributed components to be bound by a global transaction, and is a way of marking or identifying groups of operations constituting a transaction.        XA Resource Interface—an interface based upon the X/Open or XA interface that enables the handling of distributed transactions. These involve the coordination of transactions across more than one resource, such as within or between a database or queue.        
Most of the time the developer does not need to be concerned about programming explicit transactions with JTA, since that work is performed through the JDBC and EJB API's handled by the container and configured by the application deployment descriptor. The developer can instead focus on the design of the transaction, rather than on its implementation.
WebLogic Server supports both distributed transactions and a two-phase commit protocol for enterprise applications. A distributed transaction is a transaction that updates multiple resource managers (such as databases) in a coordinated manner. In contrast, a local transaction updates a single resource manager. The two-phase commit protocol is a method of coordinating a single transaction across two or more resource managers. It guarantees data integrity by ensuring that transactional updates are committed in all of the participating databases, or are fully rolled back out of all the databases, reverting to the state prior to the start of the transaction. In other words, either all the participating databases are updated, or none of them are updated. Distributed transactions involve the following participants:                Transaction originator—initiates the transaction. The transaction originator can be a user application, an Enterprise JavaBean, or a JMS client.        Transaction manager—manages transactions on behalf of application programs. A transaction manager coordinates commands from application programs to start and complete transactions by communicating with all resource managers that are participating in those transactions. When resource managers fail during transactions, transaction managers help resource managers decide whether to commit or roll back pending transactions.        Recoverable resource—provides persistent storage for data. The resource is most often a database.        Resource manager—provides access to a collection of information and processes.        Transaction-aware JDBC drivers are common resource managers. Resource managers provide transaction capabilities and permanence of actions; they are entities accessed and controlled within a distributed transaction. The communication between a resource manager and a specific resource is called a transaction branch.        
The first phase of the two-phase commit protocol is called the prepare phase. The required updates are recorded in a transaction log file, and the resource must indicate, through a resource manager, that it is ready to make the changes. Resources can either vote to commit the updates or to roll back to the previous state. What happens in the second phase depends on how the resources vote. If all resources vote to commit, all the resources participating in the transaction are updated. If one or more of the resources vote to roll back, then all the resources participating in the transaction are rolled back to their previous state.
Support for Business Transactions
Transactions are appropriate in the example situations described below (although these situations are merely illustrative and not exhaustive).
As a first example, the client application needs to make invocations on several objects, which may involve write operations to one or more databases. If any one invocation is unsuccessful, any state that is written (either in memory or, more typically, to a database) must be rolled back. For example, consider a travel agent application. The client application needs to arrange for a journey to a distant location; for example, from Strasbourg, France, to Alice Springs, Australia. Such a journey would inevitably require multiple individual flight reservations. The client application works by reserving each individual segment of the journey in sequential order; for example, Strasbourg to Paris, Paris to New York, New York to Los Angeles. However, if any individual flight reservation cannot be made, the client application needs a way to cancel all the flight reservations made up to that point. The client application needs a conversation with an object managed by the server application, and the client application needs to make multiple invocations on a specific object instance. The conversation may be characterized by one or more of the following:
Data is cached in memory or written to a database during or after each successive invocation; data is written to a database at the end of the conversation; the client application needs the object to maintain an in-memory context between each invocation; that is, each successive invocation uses the data that is being maintained in memory across the conversation; at the end of the conversation, the client application needs the ability to cancel all database write operations that may have occurred during or at the end of the conversation.
As an alternate example, consider an Internet-based online shopping cart application. Users of the client application browse through an online catalog and make multiple purchase selections. When the users are done choosing all the items they want to buy, they proceed to check out and enter their credit card information to make the purchase. If the credit card check fails, the shopping application needs a mechanism to cancel all the pending purchase selections in the shopping cart, or roll back any purchase transactions made during the conversation. Within the scope of a single client invocation on an object, the object performs multiple edits to data in a database. If one of the edits fails, the object needs a mechanism to roll back all the edits. (In this situation, the individual database edits are not necessarily EJB or RMI invocations. A client, such as an applet, can obtain a reference to the Transaction and TransactionManager objects, using JNDI, and start a transaction). As another example, consider a banking application. The client invokes the transfer operation on a teller object. The transfer operation requires the teller object to make the following invocations on the bank database: invoking the debit method on one account; and invoking the credit method on another account. If the credit invocation on the bank database fails, the banking application needs a mechanism to roll back the previous debit invocation.
A problem with the traditional methods of transaction management described above, is that they do not allow for lightweight clients to reliably participate in the transaction process. As referred to herein a lightweight client is typically a client which runs on a single-user, unmanaged desktop system that in turn has irregular availability. For example, PC (personal computer) or desktop owners may turn their desktop systems off when they are not in use. These single-user, unmanaged desktop systems should ideally not be required to perform complex and necessary network functions such as transaction coordination. In particular, unmanaged systems should not be responsible for ensuring the atomicity, consistency, isolation, and durability (ACID) properties desired of transactions involving server resources. A mechanism is required that removes the burden of such responsibilities from the client, and assists in the transaction commit process while ensuring overall transaction integrity.